Sweetmorn, the 65 day of Confusion in the YOLD 3185
Locked Shields 2019
Locked Shields is an annual blue team computer security exercise organised by NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE). Many countries, both NATO and non-NATO, participate in the exercise. This year there were 24 teams.
The narrative during the exercise is that there is some tension between two fictive countries, Berylia and Crimsonia. Berylia might be attacked by Crimsonia at any time, especially in the cybers. The blue team is part of an expert team dropped into Berylia to help them defend themselves.
Through $DAYJOB I was invited to join the Swedish blue team for Locked Shields 2019 in April this year. The Swedish part of the exercise was held at Swedish Defence University in Stockholm.
The actual exercise was just two days but we had three initial training days to familiarize ourselves with the network and the machines, prepare our tools and our own version control systems. There were about 150 machines: some Windows boxes, some Linux boxes, some industrial control systems, different firewalls, routers and switches.
After some initial confusion I ended up in the newly created Apps subteam. We took responsibility of all the Berylian in-house software, the development systems, the continous integration and the Docker swarm. Everything was, of course, rather broken and insecure. I was really impressed by the people who had been setting this up.
The CCDCOE red team started attacking our systems almost immediately. We had our hands full trying to harden the systems, fixing things, reporting cracked systems and coordinating with other subteams.
The Berylian software developers themselves were curiously missing during the entire exercise but their users were present and complaining about systems that didn't work.
Several times other subteams had hardened their part of the network and effectively brought our systems down by, for instance, demanding strong authentication and encrypted connections which the Berylian software didn't support. We had to add features like that on the fly.
At times things were miserable but all in all we learned much and had a lot of fun.
Result: The Swedish team ended up in third place! Congratulations to the French and Czech teams!